October 24, 2012

Who Hacked Saudi Aramco in August?

The virus erased data on three-quarters of Aramco’s
corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it
with an image of a burning American flag.

United States intelligence officials say the attack’s real
perpetrator was Iran, although they offered no specific evidence to support
that claim.

And,

That virus — called Shamoon after a word embedded in its
code — was designed to do two things: replace the data on hard drives with an
image of a burning American flag and report the addresses of infected computers
— a bragging list of sorts — back to a computer inside the company’s network.

Shamoon’s code included a so-called kill switch, a timer set
to attack at 11:08 a.m., the exact time that Aramco’s computers were wiped of
memory. Shamoon’s creators even gave the erasing mechanism a name: Wiper.

Aramco’s attackers posted blocks of I.P. addresses of
thousands of Aramco PCs online as proof of the attack.